Executive Summary

This vulnerability is an unquoted service path issue in Brother BRPrint Auditor version 3.0.7 on Windows. The software's Windows services (BrAuSvc and BRPA_Agent) have file paths containing spaces that are not enclosed in quotes. This misconfiguration allows a local attacker to place a malicious executable in a location that Windows might mistakenly execute instead of the intended service executable. Exploiting this can lead to arbitrary code execution with elevated privileges, as the affected services run under the LocalSystem account and start automatically. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code on the affected system with elevated privileges. This means the attacker can escalate their access rights, potentially gaining full control over the system, which can lead to unauthorized actions, data compromise, or disruption of services. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking the Windows service configurations for unquoted service paths in the BrAuSvc and BRPA_Agent services. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to query the service configurations and identify unquoted paths. For example, use the command 'wmic service get name,pathname' or 'sc qc BrAuSvc' and 'sc qc BRPA_Agent' to view the executable paths and check if they are unquoted. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service paths by enclosing the executable paths in quotation marks in the service configurations to prevent malicious executable injection. Additionally, restrict local user permissions to prevent unauthorized users from placing executables in the vulnerable paths. Monitoring and applying any patches or updates from Brother for BRPrint Auditor is also recommended. [1, 2]

Useful 0 Not Useful 0